CVE-2022-24673

28.03.2023, 19:15

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
canon	d1620_firmware	-
canon	d1650_firmware	-
canon	d1520_firmware	-
canon	d1550_firmware	-
canon	mf1127c_firmware	-
canon	mf1238_firmware	-
canon	mf1238_ii_firmware	-
canon	mf1643i_ii_firmware	-
canon	mf1643if_ii_firmware	-
canon	mf414dw_firmware	-
canon	mf416dw_firmware	-
canon	mf419dw_firmware	-
canon	mf515dw_firmware	-
canon	mf424dw_firmware	-
canon	mf426dw_firmware	-
canon	mf429dw_firmware	-
canon	mf525dw_firmware	-
canon	mf445dw_firmware	-
canon	mf448dw_firmware	-
canon	mf449dw_firmware	-
canon	mf543dw_firmware	-
canon	mf451dw_firmware	-
canon	mf452dw_firmware	-
canon	mf453dw_firmware	-
canon	mf455dw_firmware	-
canon	mf6160dw_firmware	-
canon	mf6180dw_firmware	-
canon	mf624cdw_firmware	-
canon	mf628cdw_firmware	-
canon	mf632cdw_firmware	-
canon	mf634cdw_firmware	-
canon	mf641cw_firmware	-
canon	mf642cdw_firmware	-
canon	mf644cdw_firmware	-
canon	mf726cdw_firmware	-
canon	mf729cdw_firmware	-
canon	mf731cdw_firmware	-
canon	mf733cdw_firmware	-
canon	mf735cdw_firmware	-
canon	mf741cdw_firmware	-
canon	mf743cdw_firmware	-
canon	mf745cdw_firmware	-
canon	mf746cdw_firmware	-
canon	mf810cdn_firmware	-
canon	mf820cdn_firmware	-
canon	mf8280cw_firmware	-
canon	mf8580cdw_firmware	-
canon	lbp1127c_firmware	-
canon	lbp1238_firmware	-
canon	lbp1238_ii_firmware	-
canon	lbp214dw_firmware	-
canon	lbp215dw_firmware	-
canon	lbp226dw_firmware	-
canon	lbp227dw_firmware	-
canon	lbp228dw_firmware	-
canon	lbp236dw_firmware	-
canon	lbp237dw_firmware	-
canon	lbp251dw_firmware	-
canon	lbp253dw_firmware	-
canon	lbp612cdw_firmware	-
canon	lbp622cdw_firmware	-
canon	lbp623cdw_firmware	-
canon	lbp654cdw_firmware	-
canon	lbp664cdw_firmware	-
canon	ir1435i_firmware	-
canon	1435if_firmware	-
canon	1435p_firmware	-
canon	1435i\+_firmware	-
canon	1435if\+_firmware	-
canon	1435p\+_firmware	-
canon	ir1643i_firmware	-
canon	ir1643if_firmware	-
canon	wg7240_firmware	-
canon	wg7250_firmware	-
canon	wg7250f_firmware	-
canon	wg7250z_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow

https://www.zerodayinitiative.com/advisories/ZDI-22-515/

https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow

https://www.zerodayinitiative.com/advisories/ZDI-22-515/